Can I restrict a SharePoint admin from accessing a secure team? #M365AMA

In this episode, the #M365AMA panel discusses the following community question:

“What is the best way to keep security and not allow someone who is a SharePoint admin to add themselves to a “secure” team. I had a few ideas but I wasn’t sure if they were good ideas. Create a separate SharePoint site collection and have that team assigned to the site collection. Find a policy that forces a non site owner to have no read or write permissions to change access. Create a notification rule if a user is added or removed that it notifies the site owner. If anyone has any other ideas please let me know.”

Check out the discussion here:

 

Participating in this discussion were:

• Christian Buckley @buckleyplanet 
• Mike Nelson @mikenelsonIO
• Sean McDonough @spmcdonough

Some relevant notes/links shared by the team:

• Can I block a SharePoint system administrator from seeing the libraries that I choose? [https://answers.microsoft.com/en-us/msoffice/forum/all/can-i-block-sharepoint-system-administrator-from/c6d89edd-1a8c-4839-8e8e-62b1a33fed63]
• Managing SharePoint Online Security: A Team Effort [https://learn.microsoft.com/en-us/microsoft-365/community/sharepoint-security-a-team-effort]
• About the SharePoint Administrator role in Microsoft 365 [https://learn.microsoft.com/en-us/sharepoint/sharepoint-admin-role]
• A side topic re: Microsoft Teams admin access: Can administrators access Teams files? [https://learn.microsoft.com/en-us/answers/questions/695583/can-administrators-access-teams-files.html]